Pharming

What is Pharming?

Pharming is a social engineering attack in which attackers redirect internet users who attempt to visit a specific website to a different, fake site. These “spoofed” websites try to obtain a victim’s personally identifiable information and log-in credentials, such as passwords, social security numbers and account numbers, or install pharming malware on their machine. Pharmers frequently target financial websites, such as banks, online payment platforms, and e-commerce sites, with the ultimate goal of stealing people’s identities.

How Does Pharming Work?

Pharming takes advantage of a fundamental of internet browsing: the sequence of letters that makes up an internet address must be translated into an IP address by a DNS server before the connection can proceed.

Pharming targets this mechanism in one of two ways:

First, a hacker may transmit harmful code via email that installs a virus or Trojan on the user’s machine. This malicious code modifies the computer’s hosts file, redirecting traffic from its intended destination toward a bogus website. In this method of pharming, known as malware-based pharming, even if you enter the proper internet address, the corrupted hosts file will redirect you to the bogus site.

Second, the hacker may utilise DNS poisoning. DNS stands for “Domain Name System”; pharmers can change a server’s DNS table, causing several users to unknowingly access bogus websites instead of authentic ones. Pharmers can use phoney websites to install viruses or Trojans on the user’s computer or to acquire personal and financial information for identity theft.

While DNS servers are more difficult to attack because they are located on an organisation’s network and behind its defences, DNS poisoning can affect many victims, providing enormous incentives for cybercriminals. Poisoning may also propagate to other DNS servers. Any internet service provider (ISP) that receives information from a poisoned server may cache the corrupted DNS entry on its servers, causing it to spread to other routers and devices.

Pharming attacks are a hazardous type of internet fraud since they require minimal activity from the victim. In circumstances of DNS server poisoning, the afflicted person may have a malware-free machine and still become a victim. Adopting safeguards like manually typing the website address or utilising trusted bookmarks is insufficient because the redirection occurs after the computer submits a connection request.

When pharmers gain your personal information, they exploit it for fraud or sell it to other criminals on the dark web.

Phishing vs. Pharming

Phishing is a fraudulent activity in which thieves send emails that appear to be from trustworthy organisations. The emails include malicious links that direct you to a bogus website where naive consumers enter sensitive information such as their username and password. Once you’ve provided this information, fraudsters can utilise it for criminal purposes.

Pharming is similar to phishing, except it lacks the inducement factor. Pharming has two stages: first, hackers install malicious code on your computer or server. Second, the code directs you to a fraudulent website, where you may be duped into disclosing personal information. Pharming does not require an initial click to direct you to a phoney website. Instead, you are instantly sent there, where the pharmers can access any personal information you provide.

Phishing involves fraudulent email, social media, or SMS messages that solicit your financial information, but pharming does not require a lure. As a result, pharming has been dubbed “phishing without a lure.” Pharming is considered more hazardous than phishing since it can infect a large number of computers without the victims’ knowledge. However, pharming attacks are less common than phishing since they involve substantially more effort from the attackers.

Signs of Pharming

Signs that you have been a victim of pharming include:

  1. Unknown charges on your credit or debit card.
  2. Posts or messages on your social media that you did not publish.
  3. Friend or connection requests on social media that you did not send.
  4. Changed passwords for any of your online accounts.
  5. New programs on your device that you did not download or install.
